by oarsinsync
2427 days ago
> Better to isolate services from each other limiting cross service jumping, than to build security around a single point of failure

I agree that it is better, but let’s not forget that building security around a single point of failure is still an improvement, that is simultaneously both high and low friction.

Bad: everything exposed to the internet
Good: everything behind a VPN
Best: every application on its own micro-segment with access control up to the application layer to restrict all forms of access beyond the bare minimum of what is required.

Perfect is the enemy of good.

> Google has gone the opposite direction

Google scale solutions are great for Google scale organisations. They don’t always scale down very well.

I hope for the operator team that they have good tool support to help administer all the access controls. Over time and across large organisations there are going to be a lot.
The even larger challenge must be auditing all these access controls. Services change, and if a connection is not required anymore, it should be painless for its operators to get rid of the corresponding access control.